Skip to main content
Topic: Email Solutions: what do you use? (Read 714 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

Re: Email Solutions: what do you use?

Reply #15
Quote from: nezunezu – on
And Mailfence will not let me proceed without a non-Mailfence recovery email address. Doesn't this defeat the purpose?
That depends on your purpose. I'm certainly privacy-oriented, but this specific thing doesn't bug me. I mean, what are they going to do, post a cross-reference on their website?

In my case, I have another e-mail I use for keeping certain correspondence off in it's own sort-of container, which is just one part of my overall privacy strategy. So I used that one. Hasn't caused me any trouble.

Re: Email Solutions: what do you use?

Reply #16
Quote from: ####### – on
German's are also reputed to be methodical, presumably why they want to know these details. Think BMW, Mercedes, or Artoo - Artix has a significant German input.
Sincerely, I don't want to force the issue, but I think it's important I make a point for future readers of this forum. My personal experience has brought me to expect only the best from German technology, both tangible and intangible, but that is no reason for me to give any web company (German or otherwise) the benefit of the doubt, or spin it in a positive light of being meticulous, when they mandate submission of more data than they legally or operationally require. And I don't think that GMX deserves to take credit for the merits of Artix just because their people were born within the same borders.
Quote from: ####### – on
Dependable or well engineered would be more appropriate.
A chain is only as strong as its weakest link, and their policies don't reflect well on how seriously they take their customers' wellbeing. I measured the zxcvbn entropy of an 8-character ASCII password (completely random, to be generous) to be 53 bits at the very most, with some having as low as 30 bits of entropy. It doesn't matter how dependable or well-engineered the rest of the service is if a cracker only needs the power of ordinary desktop hardware to break in.
Quote from: ####### – on
Mail.ru is the only email provider I've come across that sends me a birthday email, by the way, so how thoughtful and kind is that, given that most want to know my date of birth, but then never do anything about it?  ;D
Oh, Gmail might've wished me a happy birthday a long time ago, I don't remember, but such a minute automated gesture from a technology company is not particularly meaningful to me with regard to kindness. For instance, Facebook and Twitter/X celebrate user birthdays, but have publicly admitted to engineering their algorithms to make people miserable and angry and to sow discord, and they infamously abuse their power to skirt accountability for the very real tortures and deaths this causes in less stable and more authoritarian parts of the world.
Quote from: just_jed – on
I'm certainly privacy-oriented, but this specific thing doesn't bug me. I mean, what are they going to do, post a cross-reference on their website?
My fault, I was unclear. It's not exactly an issue of privacy, but of tidiness and security. Mailfence's website makes it clear that their target market is users with security in mind, so why then force them to use the presumably inferior security (and privacy) of another email provider as the recovery method of all things? Not to mention the inconvenience of choosing, registering with, and maintaining access to an entire other provider - I'm already forced by civilization to have a telephone number, so why can't they use that instead like almost everyone else?
I know that I am nit-picking, and that I am overthinking this, and that things requiring this much privacy and security shouldn't be sent over email anyway, but the apathetic insistences of school, work, housing, medicine, insurance, government, etc. are not up to me, and if I am going to get wet (by rejecting Google) then I might as well swim, I think.
Quote from: gripped – on
I'm not necessarily saying you SHOULD self host your email.
Only that this is the only way to have full control over them. imho.
I don't trust the providers of email services in many senses so prefer to host my own.
I think I have completely run out of other options :P Does it matter what kind of mini-PC I set up for this, or will any old thing off eBay work? (And what do I need to consider besides price when choosing a domain registrar and VPS provider? What do you use, and can you recommend them?)

Re: Email Solutions: what do you use?

Reply #17
Quote from: nezunezu – on
Does it matter what kind of mini-PC I set up for this, or will any old thing off eBay work? (And what do I need to consider besides price when choosing a domain registrar and VPS provider? What do you use, and can you recommend them?)
I've been self-hosting my own emails for >5 years now with opensmtpd+dovecot stack.

For the hardware part, I've been using OpenWRT-capable routers in the past, then jumped to thin clients. They are power-efficient and provide crazy amount of computing power for hosting needs. Most of them are cooled passively, so completely silent. Used ones are dirt-cheap. One of my tiny servers was running on an Igel M340C. You can even put a SATA SSD inside after disassembling its external casing and make it function as a NAS.

As for the software stack - opensmtpd+dovecot do work quite well, but management may come as somewhat clunky. You can try the upcoming stalwart-mail. It combines all the functionality of an SMTP, IMAP, JMAP and POP3 server, has a civilised, browser-accessed configuration GUI and if configured for a specified domain name, it will even spit out all DNS records that you need to put into your zone to make it work.

For the domain registrar - personally I went with the one that had a track record of the cheapest renewal (not purchase) fees out there. My email has been working fine without reverse DNS, though DKIM, SPF and DMARC had to be set up properly, or otherwise Google servers would blackhole everything coming from my side.

Re: Email Solutions: what do you use?

Reply #18
Quote from: nezunezu – on
I think I have completely run out of other options :P Does it matter what kind of mini-PC I set up for this, or will any old thing off eBay work? (And what do I need to consider besides price when choosing a domain registrar and VPS provider? What do you use, and can you recommend them?)
There's little point me telling you the vps providers I use as it's highly unlikely you'll  find the offers on their webpages at this time.
If you go to https://lowendbox.com/ you can find providers offering short-lived deals you will only find there (or on similar such sites?)
That's how I found mine, but it's been a while now so I can't promise this hasn't changed? 
As it's bargain basement I have sort of expected them to disappear overnight at some point. I take nightly incremental backups of them all. But I've been lucky and never had one fold on me.

Another thing I'll add is that for Webmail access to the email servers I use Roundcube.
 

Re: Email Solutions: what do you use?

Reply #19
Password security is only a practical issue when you can have multiple tries or access the hashed password, if you only get a limited number of attempts before the account is locked it's not a problem. And that's a minimum number, if you want more characters you can have them. Perhaps it's rather that they have implemented their security policy in a way such that they take care of it and make it unobtrusive and simple for users, rather than placing the responsibility on you, knowing that vast numbers of their non-technical users are going to put "mypassword123" on all their internet accounts or something equally silly. They could monitor IP address locations and machine ID for suspicious activity. Asking extra questions help to ensure you are who you say you are, and even if it's used for targeted ads, you'll never see any with an ad blocker.

GMX Privacy policy:
https://www.gmx.co.uk/company/privacypolicy/
Content data - in the context of user surveys, for example, socio-demographic information such as age and gender is requested, but this information is evaluated in pseudonymized form

 Total security and privacy is a lost cause, when serious criminals or terrorists are caught they can recall and view their entire internet history,  news reports will describe how they tried to conceal their activities using encrypted methods. Those same encryption algorithms were 'donated' for web use by Government secret service agents, and all your internet data is routed through someone else's servers, even if you host it yourself, although you would avoid sharing it with the email providers themselves, but not the authorities and your ISP. There are numerous semi-secret facilities devoted to monitoring the internet and other communications, most countries have places like this:
 https://www.gchq.gov.uk/section/mission/overview
They have bases which intercept the undersea data cables where they arrive, it really doesn't seem worthwhile to try and argue with that level of technological superiority to me.

GMX has been around since 1997 and is one of the most popular and trusted providers in Germany, there's nothing to worry about and I think they offer one of the best free email services, but if you want to do something else, that's fine by me, I applaud your choice whatever it is, as it's for your use and no-one else, go for it!